Merge pull request #80 from tracim/feature/578_add_api_for_workspace/apps

setup.py

     # others
     'filedepot',
     'babel',
+    'python-slugify',
     # mail-notifier
     'mako',
     'lxml',

tracim/__init__.py

 from tracim.lib.webdav import WebdavAppFactory
 from tracim.views import BASE_API_V2
 from tracim.views.core_api.session_controller import SessionController
+from tracim.views.core_api.system_controller import SystemController
+from tracim.views.core_api.user_controller import UserController
+from tracim.views.core_api.workspace_controller import WorkspaceController
 from tracim.views.errors import ErrorSchema
 from tracim.lib.utils.cors import add_cors_support
 
     context.handle_exception(OperationalError, 500)
     context.handle_exception(Exception, 500)
     # Add controllers
-    session_api = SessionController()
-    configurator.include(session_api.bind, route_prefix=BASE_API_V2)
+    session_controller = SessionController()
+    system_controller = SystemController()
+    user_controller = UserController()
+    workspace_controller = WorkspaceController()
+    configurator.include(session_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(system_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(user_controller.bind, route_prefix=BASE_API_V2)
+    configurator.include(workspace_controller.bind, route_prefix=BASE_API_V2)
     hapic.add_documentation_view(
         '/api/v2/doc',
         'Tracim v2 API',

tracim/command/user.py

         self._group_api = GroupApi(
             current_user=None,
             session=self._session,
+            config=self._app_config,
         )
         user = self._proceed_user(parsed_args)
         self._proceed_groups(user, parsed_args)

tracim/exceptions.py

     pass
 
 
-class NotAuthentificated(TracimException):
+class NotAuthenticated(TracimException):
     pass
 
 
     pass
 
 
-class UserNotExist(TracimException):
+class UserDoesNotExist(TracimException):
+    pass
+
+
+class UserNotFoundInTracimRequest(TracimException):
     pass
 
 

tracim/fixtures/content.py

         admin_workspace_api = WorkspaceApi(
             current_user=admin,
             session=self._session,
+            config=self._config,
         )
         bob_workspace_api = WorkspaceApi(
             current_user=bob,
             session=self._session,
+            config=self._config
         )
         content_api = ContentApi(
             current_user=admin,
         role_api = RoleApi(
             current_user=admin,
             session=self._session,
+            config=self._config,
         )
 
         # Workspaces
-        w1 = admin_workspace_api.create_workspace('w1', save_now=True)
-        w2 = bob_workspace_api.create_workspace('w2', save_now=True)
-        w3 = admin_workspace_api.create_workspace('w3', save_now=True)
+        w1 = admin_workspace_api.create_workspace(
+            'w1',
+            description='This is a workspace',
+            save_now=True
+        )
+        w2 = bob_workspace_api.create_workspace(
+            'w2',
+            description='A great workspace',
+            save_now=True
+        )
+        w3 = admin_workspace_api.create_workspace(
+            'w3',
+            description='Just another workspace',
+            save_now=True
+        )
 
         # Workspaces roles
         role_api.create_one(

tracim/lib/core/group.py

 # -*- coding: utf-8 -*-
 import typing
 
+from tracim import CFG
+
 __author__ = 'damien'
 
 from tracim.models.auth import Group, User
             self,
             session: Session,
             current_user: typing.Optional[User],
+            config: CFG
     ):
         self._user = current_user
         self._session = session
+        self._config = config
 
     def _base_query(self) -> Query:
         return self._session.query(Group)

tracim/lib/core/user.py

 
 from tracim import CFG
 from tracim.models.auth import User
+from tracim.models.auth import Group
 from sqlalchemy.orm.exc import NoResultFound
-from tracim.exceptions import WrongUserPassword, UserNotExist
+from tracim.exceptions import WrongUserPassword, UserDoesNotExist
 from tracim.exceptions import AuthenticationFailed
 from tracim.models.context_models import UserInContext
 
         """
         Get one user by user id
         """
-        return self._base_query().filter(User.user_id == user_id).one()
+        try:
+            user = self._base_query().filter(User.user_id == user_id).one()
+        except NoResultFound as exc:
+            raise UserDoesNotExist('User "{}" not found in database'.format(user_id)) from exc  # nopep8
+        return user
 
     def get_one_by_email(self, email: str) -> User:
         """
         :param email: Email of the user
         :return: one user
         """
-        return self._base_query().filter(User.email == email).one()
+        try:
+            user = self._base_query().filter(User.email == email).one()
+        except NoResultFound as exc:
+            raise UserDoesNotExist('User "{}" not found in database'.format(email)) from exc  # nopep8
+        return user
 
     # FIXME - G.M - 24-04-2018 - Duplicate method with get_one.
     def get_one_by_id(self, id: int) -> User:
         Get current_user
         """
         if not self._user:
-            raise UserNotExist()
+            raise UserDoesNotExist('There is no current user')
         return self._user
 
     def get_all(self) -> typing.Iterable[User]:
             if user.validate_password(password):
                 return user
             else:
-                raise WrongUserPassword()
-        except (WrongUserPassword, NoResultFound):
-            raise AuthenticationFailed()
+                raise WrongUserPassword('User "{}" password is incorrect'.format(email))  # nopep8
+        except (WrongUserPassword, UserDoesNotExist) as exc:
+            raise AuthenticationFailed('User "{}" authentication failed'.format(email)) from exc  # nopep8
 
     # Actions
 

tracim/lib/core/userworkspace.py

 # -*- coding: utf-8 -*-
 import typing
 
+from tracim import CFG
+from tracim.models.context_models import UserRoleWorkspaceInContext
+
 __author__ = 'damien'
 
 from sqlalchemy.orm import Session
+from sqlalchemy.orm import Query
 from tracim.models.auth import User
 from tracim.models.data import Workspace
 from tracim.models.data import UserRoleInWorkspace
         ],
     }
 
+    def get_user_role_workspace_with_context(
+            self,
+            user_role: UserRoleInWorkspace
+    ) -> UserRoleWorkspaceInContext:
+        """
+        Return WorkspaceInContext object from Workspace
+        """
+        assert self._config
+        workspace = UserRoleWorkspaceInContext(
+            user_role=user_role,
+            dbsession=self._session,
+            config=self._config,
+        )
+        return workspace
+
     @classmethod
     def role_can_read_member_role(cls, reader_role: int, tested_role: int) \
             -> bool:
 
         return role
 
-    def __init__(self, session: Session, current_user: typing.Optional[User]):
+    def __init__(
+        self,
+        session: Session,
+        current_user: typing.Optional[User],
+        config: CFG,
+    )-> None:
         self._session = session
         self._user = current_user
+        self._config = config
 
-    def _get_one_rsc(self, user_id, workspace_id):
+    def _get_one_rsc(self, user_id: int, workspace_id: int) -> Query:
         """
         :param user_id:
         :param workspace_id:
             filter(UserRoleInWorkspace.workspace_id == workspace_id).\
             filter(UserRoleInWorkspace.user_id == user_id)
 
-    def get_one(self, user_id, workspace_id):
+    def get_one(self, user_id: int, workspace_id: int) -> UserRoleInWorkspace:
         return self._get_one_rsc(user_id, workspace_id).one()
 
     def create_one(
-            self,
-            user: User,
-            workspace: Workspace,
-            role_level: int,
-            with_notif: bool,
-            flush: bool=True
+        self,
+        user: User,
+        workspace: Workspace,
+        role_level: int,
+        with_notif: bool,
+        flush: bool=True
     ) -> UserRoleInWorkspace:
         role = self.create_role()
         role.user_id = user.user_id
             self._session.flush()
         return role
 
-    def delete_one(self, user_id, workspace_id, flush=True):
+    def delete_one(self, user_id: int, workspace_id: int, flush=True) -> None:
         self._get_one_rsc(user_id, workspace_id).delete()
         if flush:
             self._session.flush()
 
-    def _get_all_for_user(self, user_id):
+    def _get_all_for_user(self, user_id) -> typing.List[UserRoleInWorkspace]:
         return self._session.query(UserRoleInWorkspace)\
             .filter(UserRoleInWorkspace.user_id == user_id)
 
-    def get_all_for_user(self, user_id):
-        return self._get_all_for_user(user_id).all()
+    def get_all_for_user(self, user: User) -> typing.List[UserRoleInWorkspace]:
+        return self._get_all_for_user(user.user_id).all()
 
     def get_all_for_user_order_by_workspace(
-            self,
-            user_id: int
-    ) -> UserRoleInWorkspace:
+        self,
+        user_id: int
+    ) -> typing.List[UserRoleInWorkspace]:
         return self._get_all_for_user(user_id)\
             .join(UserRoleInWorkspace.workspace).order_by(Workspace.label).all()
 
-    def get_all_for_workspace(self, workspace_id):
+    def get_all_for_workspace(
+        self,
+        workspace:Workspace
+    ) -> typing.List[UserRoleInWorkspace]:
         return self._session.query(UserRoleInWorkspace)\
-            .filter(UserRoleInWorkspace.workspace_id == workspace_id).all()
+            .filter(UserRoleInWorkspace.workspace_id==workspace.workspace_id)\
+            .all()
 
-    def save(self, role: UserRoleInWorkspace):
+    def save(self, role: UserRoleInWorkspace) -> None:
         self._session.flush()
 
+    # TODO - G.M - 07-06-2018 - [Cleanup] Check if this method is already needed
     @classmethod
-    def get_roles_for_select_field(cls):
+    def get_roles_for_select_field(cls) -> typing.List[RoleType]:
         """
 
         :return: list of DictLikeClass instances representing available Roles

tracim/lib/core/workspace.py

 
 from sqlalchemy.orm import Query
 from sqlalchemy.orm import Session
+
+from tracim import CFG
 from tracim.lib.utils.translation import fake_translator as _
 
 from tracim.lib.core.userworkspace import RoleApi
 from tracim.models.auth import Group
 from tracim.models.auth import User
+from tracim.models.context_models import WorkspaceInContext
 from tracim.models.data import UserRoleInWorkspace
 from tracim.models.data import Workspace
 
             self,
             session: Session,
             current_user: User,
+            config: CFG,
             force_role: bool=False
     ):
         """
         """
         self._session = session
         self._user = current_user
+        self._config = config
         self._force_role = force_role
 
     def _base_query_without_roles(self):
             filter(UserRoleInWorkspace.user_id == self._user.user_id).\
             filter(Workspace.is_deleted == False)
 
+    def get_workspace_with_context(
+            self,
+            workspace: Workspace
+    ) -> WorkspaceInContext:
+        """
+        Return WorkspaceInContext object from Workspace
+        """
+        workspace = WorkspaceInContext(
+            workspace=workspace,
+            dbsession=self._session,
+            config=self._config,
+        )
+        return workspace
+
     def create_workspace(
             self,
             label: str='',
         role_api = RoleApi(
             session=self._session,
             current_user=self._user,
+            config=self._config
         )
 
         role = role_api.create_one(

tracim/lib/mail_notifier/notifier.py

         notifiable_roles = WorkspaceApi(
             current_user=user,
             session=self.session,
+            config=self.config,
         ).get_notifiable_roles(content.workspace)
 
         if len(notifiable_roles) <= 0:

tracim/lib/utils/authentification.py

 from sqlalchemy.orm.exc import NoResultFound
 
 from tracim import TracimRequest
+from tracim.exceptions import UserDoesNotExist
 from tracim.lib.core.user import UserApi
 from tracim.models import User
 
         if not login:
             return None
         user = uapi.get_one_by_email(login)
-    except NoResultFound:
+    except UserDoesNotExist:
         return None
     return user

tracim/lib/utils/authorization.py

 # We prefer to use decorators
 
 
-def require_profile(group):
+def require_same_user_or_profile(group: int):
+    """
+    Decorator for view to restrict access of tracim request if candidate user
+    is distinct from authenticated user and not with high enough profile.
+    :param group: value from Group Object
+    like Group.TIM_USER or Group.TIM_MANAGER
+    :return:
+    """
+    def decorator(func):
+        def wrapper(self, context, request: 'TracimRequest'):
+            auth_user = request.current_user
+            candidate_user = request.candidate_user
+            if auth_user.user_id == candidate_user.user_id or \
+                    auth_user.profile.id >= group:
+                return func(self, context, request)
+            raise InsufficientUserProfile()
+        return wrapper
+    return decorator
+
+
+def require_profile(group: int):
     """
     Decorator for view to restrict access of tracim request if profile is
     not high enough
     return decorator
 
 
-def require_workspace_role(minimal_required_role):
+def require_workspace_role(minimal_required_role: int):
     """
     Decorator for view to restrict access of tracim request if role
     is not high enough

tracim/lib/utils/request.py

-import typing
+# -*- coding: utf-8 -*-
 from pyramid.request import Request
 from sqlalchemy.orm.exc import NoResultFound
 
-from tracim.exceptions import NotAuthentificated
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import UserNotFoundInTracimRequest
+from tracim.exceptions import UserDoesNotExist
 from tracim.exceptions import WorkspaceNotFound
 from tracim.exceptions import ImmutableAttribute
 from tracim.lib.core.user import UserApi
             decode_param_names,
             **kw
         )
+        # Current workspace, found by request headers or content
         self._current_workspace = None  # type: Workspace
+
+        # Authenticated user
         self._current_user = None  # type: User
+
+        # User found from request headers, content, distinct from authenticated
+        # user
+        self._candidate_user = None  # type: User
+
         # INFO - G.M - 18-05-2018 - Close db at the end of the request
         self.add_finished_callback(self._cleanup)
 
         :return: Workspace of the request
         """
         if self._current_workspace is None:
-            self.current_workspace = get_workspace(self.current_user, self)
+            self.current_workspace = self._get_workspace(self.current_user, self)
         return self._current_workspace
 
     @current_workspace.setter
 
     @property
     def current_user(self) -> User:
+        """
+        Get user from authentication mecanism.
+        """
         if self._current_user is None:
-            self.current_user = get_safe_user(self)
+            self.current_user = self._get_auth_safe_user(self)
         return self._current_user
 
     @current_user.setter
             )
         self._current_user = user
 
+    # TODO - G.M - 24-05-2018 - Find a better naming for this ?
+    @property
+    def candidate_user(self) -> User:
+        """
+        Get user from headers/body request. This user is not
+        the one found by authentication mecanism. This user
+        can help user to know about who one page is about in
+        a similar way as current_workspace.
+        """
+        if self._candidate_user is None:
+            self.candidate_user = self._get_candidate_user(self)
+        return self._candidate_user
+
     def _cleanup(self, request: 'TracimRequest') -> None:
         """
         Close dbsession at the end of the request in order to avoid exception
         self._current_workspace = None
         self.dbsession.close()
 
-###
-# Utils for TracimRequest
-###
 
-def get_safe_user(
-        request: TracimRequest,
-) -> User:
-    """
-    Get current pyramid authenticated user from request
-    :param request: pyramid request
-    :return: current authenticated user
-    """
-    app_config = request.registry.settings['CFG']
-    uapi = UserApi(None, session=request.dbsession, config=app_config)
-    try:
-        login = request.authenticated_userid
-        if not login:
-            raise NotAuthentificated('not authenticated user_id,'
-                                     'Failed Authentification ?')
-        user = uapi.get_one_by_email(login)
-    except NoResultFound:
-        raise NotAuthentificated('User not found')
-    return user
-
-
-def get_workspace(
-        user: User,
-        request: TracimRequest
-) -> Workspace:
-    """
-    Get current workspace from request
-    :param user: User who want to check the workspace
-    :param request: pyramid request
-    :return: current workspace
-    """
-    workspace_id = ''
-    try:
-        if 'workspace_id' not in request.json_body:
-            raise WorkspaceNotFound('No workspace_id param in json body')
-        workspace_id = request.json_body['workspace_id']
-        wapi = WorkspaceApi(current_user=user, session=request.dbsession)
-        workspace = wapi.get_one(workspace_id)
-    except JSONDecodeError:
-        raise WorkspaceNotFound('Bad json body')
-    except NoResultFound:
-        raise WorkspaceNotFound(
-            'Workspace {} does not exist '
-            'or is not visible for this user'.format(workspace_id)
-        )
-    return workspace
+    @candidate_user.setter
+    def candidate_user(self, user: User) -> None:
+        if self._candidate_user is not None:
+            raise ImmutableAttribute(
+                "Can't modify already setted candidate_user"
+            )
+        self._candidate_user = user
+
+    ###
+    # Utils for TracimRequest
+    ###
+
+    def _get_candidate_user(
+            self,
+            request: 'TracimRequest',
+    ) -> User:
+        """
+        Get candidate user
+        :param request: pyramid request
+        :return: user found from header/body
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(None, session=request.dbsession, config=app_config)
+
+        try:
+            login = None
+            if 'user_id' in request.matchdict:
+                login = request.matchdict['user_id']
+            if not login:
+                raise UserNotFoundInTracimRequest('You request a candidate user but the context not permit to found one')  # nopep8
+            user = uapi.get_one(login)
+        except UserNotFoundInTracimRequest as exc:
+            raise UserDoesNotExist('User {} not found'.format(login)) from exc
+        return user
+
+    def _get_auth_safe_user(
+            self,
+            request: 'TracimRequest',
+    ) -> User:
+        """
+        Get current pyramid authenticated user from request
+        :param request: pyramid request
+        :return: current authenticated user
+        """
+        app_config = request.registry.settings['CFG']
+        uapi = UserApi(None, session=request.dbsession, config=app_config)
+        try:
+            login = request.authenticated_userid
+            if not login:
+                raise UserNotFoundInTracimRequest('You request a current user but the context not permit to found one')  # nopep8
+            user = uapi.get_one_by_email(login)
+        except (UserDoesNotExist, UserNotFoundInTracimRequest) as exc:
+            raise NotAuthenticated('User {} not found'.format(login)) from exc
+        return user
+
+    def _get_workspace(
+            self,
+            user: User,
+            request: 'TracimRequest'
+    ) -> Workspace:
+        """
+        Get current workspace from request
+        :param user: User who want to check the workspace
+        :param request: pyramid request
+        :return: current workspace
+        """
+        workspace_id = ''
+        try:
+            if 'workspace_id' in request.matchdict:
+                workspace_id = request.matchdict['workspace_id']
+            if not workspace_id:
+                raise WorkspaceNotFound('No workspace_id property found in request')
+            wapi = WorkspaceApi(
+                current_user=user,
+                session=request.dbsession,
+                config=request.registry.settings['CFG']
+            )
+            workspace = wapi.get_one(workspace_id)
+        except JSONDecodeError:
+            raise WorkspaceNotFound('Bad json body')
+        except NoResultFound:
+            raise WorkspaceNotFound(
+                'Workspace {} does not exist '
+                'or is not visible for this user'.format(workspace_id)
+            )
+        return workspace

tracim/lib/webdav/dav_provider.py

         if path == root_path:
             return resources.RootResource(path, environ, user=user, session=session)
 
-        workspace_api = WorkspaceApi(current_user=user, session=session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=session,
+            config=self.app_config,
+        )
         workspace = self.get_workspace_from_path(path, workspace_api)
 
         # If the request path is in the form root/name, then we return a WorkspaceResource resource
 
         workspace = self.get_workspace_from_path(
             path,
-            WorkspaceApi(current_user=user, session=session)
+            WorkspaceApi(
+                current_user=user,
+                session=session,
+                config=self.app_config,
+            )
         )
 
         if parent_path == root_path or workspace is None:

tracim/lib/webdav/design.py

                     <td>%s</td>
                 </tr>
                 ''' % ('warning' if event.id == content_revision.revision_id else '',
-                       event.type.icon,
+                       event.type.fa_icon,
                        label,
                        date,
                        event.owner.display_name,
                         </div>
                     </div>
                     ''' % ('warning' if t.id == content_revision.revision_id else '',
-                           t.type.icon,
+                           t.type.fa_icon,
                            t.owner.display_name,
                            t.create_readable_date(),
                            label,

tracim/lib/webdav/resources.py

         self.workspace_api = WorkspaceApi(
             current_user=self.user,
             session=session,
-            force_role=True
+            force_role=True,
+            config=self.provider.app_config
         )
 
     def __repr__(self) -> str:
             workspace_api = WorkspaceApi(
                 current_user=self.user,
                 session=self.session,
+                config=self.provider.app_config,
                 )
             content_api = ContentApi(
                 current_user=self.user,

tracim/models/applications.py

+# coding=utf-8
+import typing
+
+
+class Application(object):
+    """
+    Application class with data needed for frontend
+    """
+    def __init__(
+            self,
+            label: str,
+            slug: str,
+            fa_icon: str,
+            hexcolor: str,
+            is_active: bool,
+            config: typing.Dict[str, str],
+            main_route: str,
+    ) -> None:
+        """
+        @param label: public label of application
+        @param slug: identifier of application
+        @param icon: font awesome icon class
+        @param hexcolor: hexa color of application main color
+        @param is_active: True if application enable, False if inactive
+        @param config: a dict with eventual application config
+        @param main_route: the route of the frontend "home" screen of
+        the application. For exemple, if you have an application
+        called "calendar", the main route will be something
+        like /#/workspace/{wid}/calendar.
+        """
+        self.label = label
+        self.slug = slug
+        self.fa_icon = fa_icon
+        self.hexcolor = hexcolor
+        self.is_active = is_active
+        self.config = config
+        self.main_route = main_route
+
+
+# default apps
+calendar = Application(
+    label='Calendar',
+    slug='calendar',
+    fa_icon='calendar-alt',
+    hexcolor='#757575',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/calendar',
+)
+
+thread = Application(
+    label='Threads',
+    slug='contents/threads',
+    fa_icon='comments-o',
+    hexcolor='#ad4cf9',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=thread',
+
+)
+
+_file = Application(
+    label='Files',
+    slug='contents/files',
+    fa_icon='paperclip',
+    hexcolor='#FF9900',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=file',
+)
+
+markdownpluspage = Application(
+    label='Markdown Plus Documents',  # TODO - G.M - 24-05-2018 - Check label
+    slug='contents/markdownpluspage',
+    fa_icon='file-code',
+    hexcolor='#f12d2d',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=markdownpluspage',
+)
+
+htmlpage = Application(
+    label='Text Documents',  # TODO - G.M - 24-05-2018 - Check label
+    slug='contents/htmlpage',
+    fa_icon='file-text-o',
+    hexcolor='#3f52e3',
+    is_active=True,
+    config={},
+    main_route='/#/workspaces/{workspace_id}/contents?type=htmlpage',
+)
+# TODO - G.M - 08-06-2018 - This is hardcoded lists of app, make this dynamic.
+# List of applications
+applications = [
+    htmlpage,
+    markdownpluspage,
+    _file,
+    thread,
+    calendar,
+]

tracim/models/auth.py

 class Profile(object):
     """This model is the "max" group associated to a given user."""
 
-    _NAME = [Group.TIM_NOBODY_GROUPNAME,
-             Group.TIM_USER_GROUPNAME,
-             Group.TIM_MANAGER_GROUPNAME,
-             Group.TIM_ADMIN_GROUPNAME]
+    _NAME = [
+        Group.TIM_NOBODY_GROUPNAME,
+        Group.TIM_USER_GROUPNAME,
+        Group.TIM_MANAGER_GROUPNAME,
+        Group.TIM_ADMIN_GROUPNAME,
+    ]
+
+    _IDS = [
+        Group.TIM_NOBODY,
+        Group.TIM_USER,
+        Group.TIM_MANAGER,
+        Group.TIM_ADMIN,
+    ]
 
     # TODO - G.M - 18-04-2018 [Cleanup] Drop this
     # _LABEL = [l_('Nobody'),

tracim/models/context_models.py

 import typing
 from datetime import datetime
 
+from slugify import slugify
 from sqlalchemy.orm import Session
 from tracim import CFG
 from tracim.models import User
 from tracim.models.auth import Profile
+from tracim.models.data import Workspace, UserRoleInWorkspace
+from tracim.models.workspace_menu_entries import default_workspace_menu_entry
+from tracim.models.workspace_menu_entries import WorkspaceMenuEntry
 
 
 class LoginCredentials(object):
     def avatar_url(self) -> typing.Optional[str]:
         # TODO - G-M - 20-04-2018 - [Avatar] Add user avatar feature
         return None
+
+
+class WorkspaceInContext(object):
+    """
+    Interface to get Workspace data and Workspace data related to context.
+    """
+
+    def __init__(self, workspace: Workspace, dbsession: Session, config: CFG):
+        self.workspace = workspace
+        self.dbsession = dbsession
+        self.config = config
+
+    @property
+    def workspace_id(self) -> int:
+        """
+        numeric id of the workspace.
+        """
+        return self.workspace.workspace_id
+
+    @property
+    def id(self) -> int:
+        """
+        alias of workspace_id
+        """
+        return self.workspace_id
+
+    @property
+    def label(self) -> str:
+        """
+        get workspace label
+        """
+        return self.workspace.label
+
+    @property
+    def description(self) -> str:
+        """
+        get workspace description
+        """
+        return self.workspace.description
+
+    @property
+    def slug(self) -> str:
+        """
+        get workspace slug
+        """
+        return slugify(self.workspace.label)
+
+    @property
+    def sidebar_entries(self) -> typing.List[WorkspaceMenuEntry]:
+        """
+        get sidebar entries, those depends on activated apps.
+        """
+        # TODO - G.M - 22-05-2018 - Rework on this in
+        # order to not use hardcoded list
+        # list should be able to change (depending on activated/disabled
+        # apps)
+        return default_workspace_menu_entry(self.workspace)
+
+
+class UserRoleWorkspaceInContext(object):
+    """
+    Interface to get UserRoleInWorkspace data and related content
+
+    """
+    def __init__(
+            self,
+            user_role: UserRoleInWorkspace,
+            dbsession: Session,
+            config: CFG,
+    )-> None:
+        self.user_role = user_role
+        self.dbsession = dbsession
+        self.config = config
+
+    @property
+    def user_id(self) -> int:
+        """
+        User who has the role has this id
+        :return: user id as integer
+        """
+        return self.user_role.user_id
+
+    @property
+    def workspace_id(self) -> int:
+        """
+        This role apply only on the workspace with this workspace_id
+        :return: workspace id as integer
+        """
+        return self.user_role.workspace_id
+
+    # TODO - G.M - 23-05-2018 - Check the API spec for this this !
+
+    @property
+    def role_id(self) -> int:
+        """
+        role as int id, each value refer to a different role.
+        """
+        return self.user_role.role
+
+    @property
+    def role_slug(self) -> str:
+        """
+        simple name of the role of the user.
+        can be anything from UserRoleInWorkspace SLUG, like
+        'not_applicable', 'reader',
+        'contributor', 'content_manager', 'workspace_manager'
+        :return: user workspace role as slug.
+        """
+        return UserRoleInWorkspace.SLUG[self.user_role.role]
+
+    @property
+    def user(self) -> UserInContext:
+        """
+        User who has this role, with context data
+        :return: UserInContext object
+        """
+        return UserInContext(
+            self.user_role.user,
+            self.dbsession,
+            self.config
+        )
+
+    @property
+    def workspace(self) -> WorkspaceInContext:
+        """
+        Workspace related to this role, with his context data
+        :return: WorkspaceInContext object
+        """
+        return WorkspaceInContext(
+            self.user_role.workspace,
+            self.dbsession,
+            self.config
+        )

tracim/models/data.py

     CONTENT_MANAGER = 4
     WORKSPACE_MANAGER = 8
 
-    # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
+    SLUG = {
+        NOT_APPLICABLE: 'not-applicable',
+        READER: 'reader',
+        CONTRIBUTOR: 'contributor',
+        CONTENT_MANAGER: 'content-manager',
+        WORKSPACE_MANAGER: 'workspace-manager',
+    }
+
     LABEL = dict()
     LABEL[0] = l_('N/A')
     LABEL[1] = l_('Reader')
     LABEL[2] = l_('Contributor')
     LABEL[4] = l_('Content Manager')
     LABEL[8] = l_('Workspace Manager')
+    # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
     #
     # STYLE = dict()
     # STYLE[0] = ''
     #
     #
     # @property
-    # def icon(self):
+    # def fa_icon(self):
     #     return UserRoleInWorkspace.ICON[self.role]
     #
     # @property
         return UserRoleInWorkspace.LABEL[self.role]
 
     @classmethod
-    def get_all_role_values(self):
+    def get_all_role_values(cls) -> typing.List[int]:
+        """
+        Return all valid role value
+        """
         return [
             UserRoleInWorkspace.READER,
             UserRoleInWorkspace.CONTRIBUTOR,
             UserRoleInWorkspace.WORKSPACE_MANAGER
         ]
 
+    @classmethod
+    def get_all_role_slug(cls) -> typing.List[str]:
+        """
+        Return all valid role slug
+        """
+        # INFO - G.M - 25-05-2018 - Be carefull, as long as this method
+        # and get_all_role_values are both used for API, this method should
+        # return item in the same order as get_all_role_values
+        return [cls.SLUG[value] for value in cls.get_all_role_values()]
+
+
 class RoleType(object):
     def __init__(self, role_id):
         self.role_type_id = role_id
         # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
-        # self.icon = UserRoleInWorkspace.ICON[role_id]
+        # self.fa_icon = UserRoleInWorkspace.ICON[role_id]
         # self.role_label = UserRoleInWorkspace.LABEL[role_id]
         # self.css_style = UserRoleInWorkspace.STYLE[role_id]
 
     def __init__(self, id):
         assert id in ActionDescription.allowed_values()
         self.id = id
-        # FIXME - G.M - 17-04-2018 - Label and icon needed for webdav
+        # FIXME - G.M - 17-04-2018 - Label and fa_icon needed for webdav
         #  design template,
         # find a way to not rely on this.
         self.label = self.id
-        self.icon = ActionDescription._ICONS[id]
+        self.fa_icon = ActionDescription._ICONS[id]
+        #self.icon = self.fa_icon
         # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
         # self.label = ActionDescription._LABELS[id]
 
         self.id = id
         self.label = self.id
         # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
-        # self.icon = ContentStatus._ICONS[id]
+        # self.fa_icon = ContentStatus._ICONS[id]
         # self.css = ContentStatus._CSS[id]
         #
         # if type==ContentType.Thread:
     def __init__(self, type):
         self.id = type
         # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
-        # self.icon = ContentType._CSS_ICONS[type]
+        # self.fa_icon = ContentType._CSS_ICONS[type]
         # self.color = ContentType._CSS_COLORS[type]  # deprecated
         # self.css = ContentType._CSS_COLORS[type]
         # self.label = ContentType._LABEL[type]
         return dict(id=self.type,
                     type=self.type,
                     # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
-                    # icon=self.icon,
+                    # fa_icon=self.fa_icon,
                     # color=self.color,
                     # label=self.label,
                     priority=self.priority)
         assert hasattr(type, 'id')
         # TODO - G.M - 10-04-2018 - [Cleanup] Drop this
         # assert hasattr(type, 'css')
-        # assert hasattr(type, 'icon')
+        # assert hasattr(type, 'fa_icon')
         # assert hasattr(type, 'label')
 
     def created_as_delta(self, delta_from_datetime:datetime=None):

tracim/models/workspace_menu_entries.py

+# coding=utf-8
+import typing
+from copy import copy
+
+from tracim.models.applications import applications
+from tracim.models.data import Workspace
+
+
+class WorkspaceMenuEntry(object):
+    """
+    Application class with data needed for frontend
+    """
+    def __init__(
+            self,
+            label: str,
+            slug: str,
+            fa_icon: str,
+            hexcolor: str,
+            route: str,
+    ) -> None:
+        self.slug = slug
+        self.label = label
+        self.route = route
+        self.hexcolor = hexcolor
+        self.fa_icon = fa_icon
+
+dashboard_menu_entry = WorkspaceMenuEntry(
+  slug='dashboard',
+  label='Dashboard',
+  route='/#/workspaces/{workspace_id}/dashboard',
+  hexcolor='#252525',
+  fa_icon="",
+)
+all_content_menu_entry = WorkspaceMenuEntry(
+  slug="contents/all",
+  label="All Contents",
+  route="/#/workspaces/{workspace_id}/contents",
+  hexcolor="#fdfdfd",
+  fa_icon="",
+)
+
+# TODO - G.M - 08-06-2018 - This is hardcoded default menu entry,
+#  of app, make this dynamic (and loaded from application system)
+def default_workspace_menu_entry(
+    workspace: Workspace,
+)-> typing.List[WorkspaceMenuEntry]:
+    """
+    Get default menu entry for a workspace
+    """
+    menu_entries = [
+        copy(dashboard_menu_entry),
+        copy(all_content_menu_entry),
+    ]
+    for app in applications:
+        if app.main_route:
+            new_entry = WorkspaceMenuEntry(
+                slug=app.slug,
+                label=app.label,
+                hexcolor=app.hexcolor,
+                fa_icon=app.fa_icon,
+                route=app.main_route
+            )
+            menu_entries.append(new_entry)
+
+    for entry in menu_entries:
+        entry.route = entry.route.replace(
+            '{workspace_id}',
+            str(workspace.workspace_id)
+        )
+
+    return menu_entries

tracim/tests/__init__.py

         WorkspaceApi(
             current_user=user,
             session=self.session,
+            config=self.app_config,
         ).create_workspace(name, save_now=True)
 
         eq_(

tracim/tests/functional/test_mail_notification.py

         wapi = WorkspaceApi(
             current_user=current_user,
             session=self.session,
+            config=self.app_config,
         )
         workspace = wapi.get_one_by_label('w1')
         user = uapi.get_one_by_email('bob@fsf.local')
         wapi = WorkspaceApi(
             current_user=current_user,
             session=self.session,
+            config=self.app_config,
         )
         workspace = wapi.get_one_by_label('w1')
         user = uapi.get_one_by_email('bob@fsf.local')

tracim/tests/functional/test_system.py

+# coding=utf-8
+from tracim.tests import FunctionalTest
+
+"""
+Tests for /api/v2/system subpath endpoints.
+"""
+
+class TestApplicationEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/system/applications
+    """
+
+    def test_api__get_applications__ok_200__nominal_case(self):
+        """
+        Get applications list with a registered user.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/system/applications', status=200)
+        res = res.json_body
+        application = res[0]
+        assert application['label'] == "Text Documents"
+        assert application['slug'] == 'contents/htmlpage'
+        assert application['fa_icon'] == 'file-text-o'
+        assert application['hexcolor'] == '#3f52e3'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[1]
+        assert application['label'] == "Markdown Plus Documents"
+        assert application['slug'] == 'contents/markdownpluspage'
+        assert application['fa_icon'] == 'file-code'
+        assert application['hexcolor'] == '#f12d2d'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[2]
+        assert application['label'] == "Files"
+        assert application['slug'] == 'contents/files'
+        assert application['fa_icon'] == 'paperclip'
+        assert application['hexcolor'] == '#FF9900'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[3]
+        assert application['label'] == "Threads"
+        assert application['slug'] == 'contents/threads'
+        assert application['fa_icon'] == 'comments-o'
+        assert application['hexcolor'] == '#ad4cf9'
+        assert application['is_active'] is True
+        assert 'config' in application
+        application = res[4]
+        assert application['label'] == "Calendar"
+        assert application['slug'] == 'calendar'
+        assert application['fa_icon'] == 'calendar-alt'
+        assert application['hexcolor'] == '#757575'
+        assert application['is_active'] is True
+        assert 'config' in application
+
+    def test_api__get_workspace__err_401__unregistered_user(self):
+        """
+        Get applications list with an unregistered user (bad auth)
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'john@doe.doe',
+                'lapin'
+            )
+        )
+        res = self.testapp.get('/api/v2/system/applications', status=401)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()

tracim/tests/functional/test_user.py

+# -*- coding: utf-8 -*-
+"""
+Tests for /api/v2/users subpath endpoints.
+"""
+from tracim.tests import FunctionalTest
+from tracim.fixtures.content import Content as ContentFixtures
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+
+
+class TestUserWorkspaceEndpoint(FunctionalTest):
+    # -*- coding: utf-8 -*-
+    """
+    Tests for /api/v2/users/{user_id}/workspaces
+    """
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def test_api__get_user_workspaces__ok_200__nominal_case(self):
+        """
+        Check obtain all workspaces reachables for user with user auth.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces', status=200)
+        res = res.json_body
+        workspace = res[0]
+        assert workspace['id'] == 1
+        assert workspace['label'] == 'w1'
+        assert len(workspace['sidebar_entries']) == 7
+
+        sidebar_entry = workspace['sidebar_entries'][0]
+        assert sidebar_entry['slug'] == 'dashboard'
+        assert sidebar_entry['label'] == 'Dashboard'
+        assert sidebar_entry['route'] == '/#/workspaces/1/dashboard'  # nopep8
+        assert sidebar_entry['hexcolor'] == "#252525"
+        assert sidebar_entry['fa_icon'] == ""
+
+        sidebar_entry = workspace['sidebar_entries'][1]
+        assert sidebar_entry['slug'] == 'contents/all'
+        assert sidebar_entry['label'] == 'All Contents'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#fdfdfd"
+        assert sidebar_entry['fa_icon'] == ""
+
+        sidebar_entry = workspace['sidebar_entries'][2]
+        assert sidebar_entry['slug'] == 'contents/htmlpage'
+        assert sidebar_entry['label'] == 'Text Documents'
+        assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=htmlpage'  # nopep8
+        assert sidebar_entry['hexcolor'] == "#3f52e3"
+        assert sidebar_entry['fa_icon'] == "file-text-o"
+
+        sidebar_entry = workspace['sidebar_entries'][3]
+        assert sidebar_entry['slug'] == 'contents/markdownpluspage'
+        assert sidebar_entry['label'] == 'Markdown Plus Documents'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=markdownpluspage"    # nopep8
+        assert sidebar_entry['hexcolor'] == "#f12d2d"
+        assert sidebar_entry['fa_icon'] == "file-code"
+
+        sidebar_entry = workspace['sidebar_entries'][4]
+        assert sidebar_entry['slug'] == 'contents/files'
+        assert sidebar_entry['label'] == 'Files'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=file"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#FF9900"
+        assert sidebar_entry['fa_icon'] == "paperclip"
+
+        sidebar_entry = workspace['sidebar_entries'][5]
+        assert sidebar_entry['slug'] == 'contents/threads'
+        assert sidebar_entry['label'] == 'Threads'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=thread"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#ad4cf9"
+        assert sidebar_entry['fa_icon'] == "comments-o"
+
+        sidebar_entry = workspace['sidebar_entries'][6]
+        assert sidebar_entry['slug'] == 'calendar'
+        assert sidebar_entry['label'] == 'Calendar'
+        assert sidebar_entry['route'] == "/#/workspaces/1/calendar"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#757575"
+        assert sidebar_entry['fa_icon'] == "calendar-alt"
+
+    def test_api__get_user_workspaces__err_403__unallowed_user(self):
+        """
+        Check obtain all workspaces reachables for one user
+        with another non-admin user auth.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'lawrence-not-real-email@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces', status=403)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__get_user_workspaces__err_401__unregistered_user(self):
+        """
+        Check obtain all workspaces reachables for one user
+        without correct user auth (user unregistered).
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'john@doe.doe',
+                'lapin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/1/workspaces', status=401)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__get_user_workspaces__err_404__user_does_not_exist(self):
+        """
+        Check obtain all workspaces reachables for one user who does
+        not exist
+        with a correct user auth.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/users/5/workspaces', status=404)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()

tracim/tests/functional/test_workspaces.py

+# -*- coding: utf-8 -*-
+"""
+Tests for /api/v2/workspaces subpath endpoints.
+"""
+from tracim.tests import FunctionalTest
+from tracim.fixtures.content import Content as ContentFixtures
+from tracim.fixtures.users_and_groups import Base as BaseFixture
+
+
+class TestWorkspaceEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/workspaces/{workspace_id} endpoint
+    """
+
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def test_api__get_workspace__ok_200__nominal_case(self) -> None:
+        """
+        Check obtain workspace reachable for user.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/1', status=200)
+        workspace = res.json_body
+        assert workspace['id'] == 1
+        assert workspace['slug'] == 'w1'
+        assert workspace['label'] == 'w1'
+        assert workspace['description'] == 'This is a workspace'
+        assert len(workspace['sidebar_entries']) == 7
+
+        sidebar_entry = workspace['sidebar_entries'][0]
+        assert sidebar_entry['slug'] == 'dashboard'
+        assert sidebar_entry['label'] == 'Dashboard'
+        assert sidebar_entry['route'] == '/#/workspaces/1/dashboard'  # nopep8
+        assert sidebar_entry['hexcolor'] == "#252525"
+        assert sidebar_entry['fa_icon'] == ""
+
+        sidebar_entry = workspace['sidebar_entries'][1]
+        assert sidebar_entry['slug'] == 'contents/all'
+        assert sidebar_entry['label'] == 'All Contents'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#fdfdfd"
+        assert sidebar_entry['fa_icon'] == ""
+
+        sidebar_entry = workspace['sidebar_entries'][2]
+        assert sidebar_entry['slug'] == 'contents/htmlpage'
+        assert sidebar_entry['label'] == 'Text Documents'
+        assert sidebar_entry['route'] == '/#/workspaces/1/contents?type=htmlpage'  # nopep8
+        assert sidebar_entry['hexcolor'] == "#3f52e3"
+        assert sidebar_entry['fa_icon'] == "file-text-o"
+
+        sidebar_entry = workspace['sidebar_entries'][3]
+        assert sidebar_entry['slug'] == 'contents/markdownpluspage'
+        assert sidebar_entry['label'] == 'Markdown Plus Documents'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=markdownpluspage"    # nopep8
+        assert sidebar_entry['hexcolor'] == "#f12d2d"
+        assert sidebar_entry['fa_icon'] == "file-code"
+
+        sidebar_entry = workspace['sidebar_entries'][4]
+        assert sidebar_entry['slug'] == 'contents/files'
+        assert sidebar_entry['label'] == 'Files'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=file"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#FF9900"
+        assert sidebar_entry['fa_icon'] == "paperclip"
+
+        sidebar_entry = workspace['sidebar_entries'][5]
+        assert sidebar_entry['slug'] == 'contents/threads'
+        assert sidebar_entry['label'] == 'Threads'
+        assert sidebar_entry['route'] == "/#/workspaces/1/contents?type=thread"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#ad4cf9"
+        assert sidebar_entry['fa_icon'] == "comments-o"
+
+        sidebar_entry = workspace['sidebar_entries'][6]
+        assert sidebar_entry['slug'] == 'calendar'
+        assert sidebar_entry['label'] == 'Calendar'
+        assert sidebar_entry['route'] == "/#/workspaces/1/calendar"  # nopep8
+        assert sidebar_entry['hexcolor'] == "#757575"
+        assert sidebar_entry['fa_icon'] == "calendar-alt"
+
+    def test_api__get_workspace__err_403__unallowed_user(self) -> None:
+        """
+        Check obtain workspace unreachable for user
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'lawrence-not-real-email@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/1', status=403)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__get_workspace__err_401__unregistered_user(self) -> None:
+        """
+        Check obtain workspace without registered user.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'john@doe.doe',
+                'lapin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/1', status=401)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__get_workspace__err_403__workspace_does_not_exist(self) -> None:  # nopep8
+        """
+        Check obtain workspace who does not exist with an existing user.
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/5', status=403)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+
+class TestWorkspaceMembersEndpoint(FunctionalTest):
+    """
+    Tests for /api/v2/workspaces/{workspace_id}/members endpoint
+    """
+
+    fixtures = [BaseFixture, ContentFixtures]
+
+    def test_api__get_workspace_members__ok_200__nominal_case(self):
+        """
+        Check obtain workspace members list with a reachable workspace for user
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/1/members', status=200).json_body   # nopep8
+        assert len(res) == 2
+        user_role = res[0]
+        assert user_role['role_slug'] == 'workspace-manager'
+        assert user_role['role_id'] == 8
+        assert user_role['user_id'] == 1
+        assert user_role['workspace_id'] == 1
+        assert user_role['user']['display_name'] == 'Global manager'
+        # TODO - G.M - 24-05-2018 - [Avatar] Replace
+        # by correct value when avatar feature will be enabled
+        assert user_role['user']['avatar_url'] is None
+
+    def test_api__get_workspace_members__err_403__unallowed_user(self):
+        """
+        Check obtain workspace members list with an unreachable workspace for
+        user
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'lawrence-not-real-email@fsf.local',
+                'foobarbaz'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/3/members', status=403)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__get_workspace_members__err_401__unregistered_user(self):
+        """
+        Check obtain workspace members list with an unregistered user
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'john@doe.doe',
+                'lapin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/1/members', status=401)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()
+
+    def test_api__get_workspace_members__err_403__workspace_does_not_exist(self):  # nopep8
+        """
+        Check obtain workspace members list with an existing user but
+        an unexisting workspace
+        """
+        self.testapp.authorization = (
+            'Basic',
+            (
+                'admin@admin.admin',
+                'admin@admin.admin'
+            )
+        )
+        res = self.testapp.get('/api/v2/workspaces/5/members', status=403)
+        assert isinstance(res.json, dict)
+        assert 'code' in res.json.keys()
+        assert 'message' in res.json.keys()
+        assert 'details' in res.json.keys()

tracim/tests/library/test_content_api.py

             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None,session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
                                         groups=groups, save_now=True)
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace('test workspace', save_now=True)
         api = ContentApi(
             current_user=user,
 
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config
+        )
         workspace = workspace_api.get_one(wid)
         api = ContentApi(
             current_user=user,
 
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config
+        )
         workspace = workspace_api.get_one(wid)
         api = ContentApi(
             current_user=user, 
         # Test that the item is still available if "show deleted" is activated
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
         api = ContentApi(
             current_user=user,
             session=self.session,
             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None, session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
 
-        user = uapi.create_minimal_user(email='this.is@user',
-                                        groups=groups, save_now=True)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        user = uapi.create_minimal_user(
+            email='this.is@user',
+            groups=groups,
+            save_now=True
+        )
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config
+        )
+
         workspace = workspace_api.create_workspace(
             'test workspace',
             save_now=True
         transaction.commit()
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
         api = ContentApi(
             session=self.session,
             current_user=user,
 
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.get_one(wid)
         api = ContentApi(
             current_user=user, 
 
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.get_one(wid)
         api = ContentApi(
             current_user=user,
             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None, session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
         )
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
 
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.get_one(wid)
         api = ContentApi(
             current_user=user, 
             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None, session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
                                         groups=groups, save_now=True)
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config
         ).create_workspace('test workspace', save_now=True)
         api = ContentApi(
             current_user=user, 
 
         # Refresh instances after commit
         user = uapi.get_one(uid)
-        workspace_api = WorkspaceApi(current_user=user, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.get_one(wid)
         api = ContentApi(
             current_user=user,
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
 
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
 
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
 
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
         )
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
         )
-        RoleApi(current_user=user, session=self.session).create_one(
+        RoleApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_one(
             user2,
             workspace,
             UserRoleInWorkspace.WORKSPACE_MANAGER,
         workspace2 = WorkspaceApi(
             current_user=user2,
             session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace2',
             save_now=True
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
         )
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
         )
-        RoleApi(current_user=user, session=self.session).create_one(
+        RoleApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_one(
             user2,
             workspace,
             UserRoleInWorkspace.WORKSPACE_MANAGER,
         )
         workspace2 = WorkspaceApi(
             current_user=user2,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace2',
             save_now=True
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
         )
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
         )
-        RoleApi(current_user=user, session=self.session).create_one(
+        RoleApi(
+            current_user=user,
+            session=self.session,
+            config=self.app_config,
+        ).create_one(
             user2, workspace,
             UserRoleInWorkspace.WORKSPACE_MANAGER,
             with_notif=False
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
         wapi = WorkspaceApi(
             current_user=user_a,
             session=self.session,
+            config=self.app_config,
         )
         workspace1 = wapi.create_workspace(
             'test workspace n°1',
         role_api1 = RoleApi(
             current_user=user_a,
             session=self.session,
+            config=self.app_config,
         )
         role_api1.create_one(
             user_b,
         role_api2 = RoleApi(
             current_user=user_b,
             session=self.session,
+            config=self.app_config,
         )
         role_api2.create_one(user_b, workspace2, UserRoleInWorkspace.READER,
                              False)
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config = self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
             save_now=True
         )
 
-        wapi = WorkspaceApi(current_user=user_a, session=self.session)
+        wapi = WorkspaceApi(
+            current_user=user_a,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace_api = WorkspaceApi(
             current_user=user_a,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         workspace = wapi.create_workspace(
             'test workspace',
         role_api = RoleApi(
             current_user=user_a,
             session=self.session,
+            config=self.app_config,
         )
         role_api.create_one(
             user_b,
             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None, session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
         wapi = WorkspaceApi(
             current_user=user_a,
             session=self.session,
+            config=self.app_config,
         )
         workspace = wapi.create_workspace(
             'test workspace',
         role_api = RoleApi(
             current_user=user_a,
             session=self.session,
+            config=self.app_config,
         )
         role_api.create_one(
             user_b,
             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None, session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
             save_now=True
         )
 
-        workspace_api = WorkspaceApi(current_user=user1, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user1,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.create_workspace(
             'test workspace',
             save_now=True
 
         RoleApi(
             current_user=user1,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_one(
             user2,
             workspace,
         user1 = uapi.get_one(u1id)
         workspace = WorkspaceApi(
             current_user=user1,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).get_one(wid)
         api = ContentApi(
             current_user=user1,
         workspace = WorkspaceApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).get_one(wid)
         api = ContentApi(
             current_user=user1,
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config = self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
         workspace = WorkspaceApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
 
         RoleApi(
             current_user=user1,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_one(
             user2,
             workspace,
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
             save_now=True
         )
 
-        workspace_api = WorkspaceApi(current_user=user1, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user1,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.create_workspace(
             'test workspace',
             save_now=True
         RoleApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).create_one(
             user2,
             workspace,
 
         # Refresh instances after commit
         user1 = uapi.get_one(u1id)
-        workspace_api2 = WorkspaceApi(current_user=user1, session=self.session)
+        workspace_api2 = WorkspaceApi(
+            current_user=user1,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api2.get_one(wid)
         api = ContentApi(
             current_user=user1,
         workspace = WorkspaceApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).get_one(wid)
 
         updated = api.get_one(pcid, ContentType.Any, workspace)
         group_api = GroupApi(
             current_user=None,
             session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
             save_now=True,
         )
 
-        workspace_api = WorkspaceApi(current_user=user1, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user1,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.create_workspace(
             'test workspace',
             save_now=True
         RoleApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).create_one(
             user2,
             workspace,
             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None, session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
         )
         u1id = user1.user_id
 
-        workspace_api = WorkspaceApi(current_user=user1, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user1,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.create_workspace(
             'test workspace',
             save_now=True
 
         RoleApi(
             current_user=user1,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_one(
             user2,
             workspace,
         ).get_one(u1id)
         workspace = WorkspaceApi(
             current_user=user1,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).get_one(wid)
 
         content = api.get_one(pcid, ContentType.Any, workspace)
         workspace = WorkspaceApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).get_one(wid)
         u2 = UserApi(
             current_user=None,
         )
         group_api = GroupApi(
             current_user=None,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
         )
         u1id = user1.user_id
 
-        workspace_api = WorkspaceApi(current_user=user1, session=self.session)
+        workspace_api = WorkspaceApi(
+            current_user=user1,
+            session=self.session,
+            config=self.app_config,
+        )
         workspace = workspace_api.create_workspace(
             'test workspace',
             save_now=True
 
         RoleApi(
             current_user=user1,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_one(
             user2,
             workspace,
         workspace = WorkspaceApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).get_one(wid)
 
         content = api.get_one(pcid, ContentType.Any, workspace)
         workspace = WorkspaceApi(
             current_user=user1,
             session=self.session,
+            config=self.app_config,
         ).get_one(wid)
         # show archived is used at the top end of the test
         api = ContentApi(
         group_api = GroupApi(
             current_user=None,
             session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
 
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True
             current_user=user, 
             session=self.session,
             config=self.app_config,
-
         )
         a = api.create(ContentType.Folder, workspace, None,
                        'this is randomized folder', True)
         group_api = GroupApi(
             current_user=None,
             session=self.session,
+            config=self.app_config,
         )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
 
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'test workspace',
             save_now=True,
             config=self.app_config,
             current_user=None,
         )
-        group_api = GroupApi(current_user=None, session=self.session)
+        group_api = GroupApi(
+            current_user=None,
+            session=self.session,
+            config=self.app_config,
+        )
         groups = [group_api.get_one(Group.TIM_USER),
                   group_api.get_one(Group.TIM_MANAGER),
                   group_api.get_one(Group.TIM_ADMIN)]
 
         workspace = WorkspaceApi(
             current_user=user,
-            session=self.session
+            session=self.session,
+            config=self.app_config,
         ).create_workspace('test workspace', save_now=True)
 
         api = ContentApi(
         bob_workspace = WorkspaceApi(
             current_user=bob,
             session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'bob_workspace',
             save_now=True,
         admin_workspace = WorkspaceApi(
             current_user=admin,
             session=self.session,
+            config=self.app_config,
         ).create_workspace(
             'admin_workspace',
             save_now=True,

tracim/tests/library/test_user_api.py

 
 import transaction
 
-from tracim.exceptions import UserNotExist, AuthenticationFailed
+from tracim.exceptions import UserDoesNotExist, AuthenticationFailed
 from tracim.lib.core.user import UserApi
 from tracim.models import User
 from tracim.models.context_models import UserInContext
             session=self.session,
             config=self.config,
         )
-        with pytest.raises(NoResultFound):
+        with pytest.raises(UserDoesNotExist):
             api.get_one_by_email('unknown')
 
     def test_unit__get_all__ok__nominal_case(self):
             session=self.session,
             config=self.config,
         )
-        with pytest.raises(UserNotExist):
+        with pytest.raises(UserDoesNotExist):
             api.get_current_user()
 
     def test_unit__authenticate_user___ok__nominal_case(self):
             config=self.config,
         )
         with pytest.raises(AuthenticationFailed):
-            api.authenticate_user('unknown_user', 'wrong_password')
+            api.authenticate_user('admin@admin.admin', 'wrong_password')

tracim/tests/library/test_workspace.py

             .filter(User.email == 'admin@admin.admin').one()
         wapi = WorkspaceApi(
             session=self.session,
+            config=self.app_config,
             current_user=admin,
         )
         w = wapi.create_workspace(label='workspace w', save_now=True)
         rapi = RoleApi(
             session=self.session,
             current_user=admin,
+            config=self.app_config,
         )
         r = rapi.create_one(u, w, UserRoleInWorkspace.READER, with_notif=True)
         eq_([r, ], wapi.get_notifiable_roles(workspace=w))
         wapi = WorkspaceApi(
             session=self.session,
             current_user=admin,
+            config=self.app_config,
         )
         eq_([], wapi.get_all_manageable())
         # Checks an admin gets all workspaces.
         gapi = GroupApi(
             session=self.session,
             current_user=None,
+            config=self.app_config,
         )
         u = uapi.create_minimal_user('u.s@e.r', [gapi.get_one(Group.TIM_USER)], True)
         wapi = WorkspaceApi(
             session=self.session,
-            current_user=u
+            current_user=u,
+            config=self.app_config,
         )
         rapi = RoleApi(
             session=self.session,
-            current_user=u
+            current_user=u,
+            config=self.app_config,
         )
         rapi.create_one(u, w4, UserRoleInWorkspace.READER, False)
         rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, False)

tracim/views/core_api/schemas.py

 # coding=utf-8
 import marshmallow
 from marshmallow import post_load
+from marshmallow.validate import OneOf
 
-from tracim.models.context_models import LoginCredentials, UserInContext
+from tracim.models.auth import Profile
+from tracim.models.context_models import LoginCredentials
+from tracim.models.data import UserRoleInWorkspace
 
 
 class ProfileSchema(marshmallow.Schema):
-    id = marshmallow.fields.Int(dump_only=True)
-    slug = marshmallow.fields.String(attribute='name')
+    id = marshmallow.fields.Int(dump_only=True, validate=OneOf(Profile._IDS))
+    slug = marshmallow.fields.String(attribute='name', validate=OneOf(Profile._NAME))
 
 
 class UserSchema(marshmallow.Schema):
     )
 
 
+class UserIdPathSchema(marshmallow.Schema):
+    user_id = marshmallow.fields.Int()
+
+
+class WorkspaceIdPathSchema(marshmallow.Schema):
+    workspace_id = marshmallow.fields.Int()
+
+
 class BasicAuthSchema(marshmallow.Schema):
 
     email = marshmallow.fields.Email(required=True)
 
 class NoContentSchema(marshmallow.Schema):
     pass
+
+
+class WorkspaceMenuEntrySchema(marshmallow.Schema):
+    slug = marshmallow.fields.String()
+    label = marshmallow.fields.String()
+    route = marshmallow.fields.String()
+    hexcolor = marshmallow.fields.String()
+    fa_icon = marshmallow.fields.String()
+
+
+class WorkspaceDigestSchema(marshmallow.Schema):
+    id = marshmallow.fields.Int()
+    label = marshmallow.fields.String()
+    sidebar_entries = marshmallow.fields.Nested(
+        WorkspaceMenuEntrySchema,
+        many=True,
+    )
+
+
+class WorkspaceSchema(WorkspaceDigestSchema):
+    slug = marshmallow.fields.String()
+    description = marshmallow.fields.String()
+
+
+class WorkspaceMemberSchema(marshmallow.Schema):
+    role_id = marshmallow.fields.Int(validate=OneOf(UserRoleInWorkspace.get_all_role_values()))  # nopep8
+    role_slug = marshmallow.fields.String(validate=OneOf(UserRoleInWorkspace.get_all_role_slug()))  # nopep8
+    user_id = marshmallow.fields.Int()
+    workspace_id = marshmallow.fields.Int()
+    user = marshmallow.fields.Nested(
+        UserSchema(only=('display_name', 'avatar_url'))
+    )
+
+
+class ApplicationConfigSchema(marshmallow.Schema):
+    pass
+    #  TODO - G.M - 24-05-2018 - Set this
+
+
+class ApplicationSchema(marshmallow.Schema):
+    label = marshmallow.fields.String()
+    slug = marshmallow.fields.String()
+    fa_icon = marshmallow.fields.String()
+    hexcolor = marshmallow.fields.String()
+    is_active = marshmallow.fields.Boolean()
+    config = marshmallow.fields.Nested(
+        ApplicationConfigSchema,
+    )

tracim/views/core_api/session_controller.py

 from tracim.views.core_api.schemas import NoContentSchema
 from tracim.views.core_api.schemas import LoginOutputHeaders
 from tracim.views.core_api.schemas import BasicAuthSchema
-from tracim.exceptions import NotAuthentificated
+from tracim.exceptions import NotAuthenticated
 from tracim.exceptions import AuthenticationFailed
 
 
         return
 
     @hapic.with_api_doc()
-    @hapic.handle_exception(NotAuthentificated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
     @hapic.output_body(UserSchema(),)
     def whoami(self, context, request: TracimRequest, hapic_data=None):
         """

tracim/views/core_api/system_controller.py

+# coding=utf-8
+from pyramid.config import Configurator
+
+from tracim.exceptions import NotAuthenticated, InsufficientUserProfile
+from tracim.lib.utils.authorization import require_profile
+from tracim.models import Group
+from tracim.models.applications import applications
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from tracim import TracimRequest
+from tracim.extensions import hapic
+from tracim.views.controllers import Controller
+from tracim.views.core_api.schemas import ApplicationSchema
+
+
+class SystemController(Controller):
+
+    @hapic.with_api_doc()
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @require_profile(Group.TIM_USER)
+    @hapic.output_body(ApplicationSchema(many=True),)
+    def applications(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Get list of alls applications installed in this tracim instance.
+        """
+        return applications
+
+    def bind(self, configurator: Configurator) -> None:
+        """
+        Create all routes and views using pyramid configurator
+        for this controller
+        """
+
+        # Applications
+        configurator.add_route('applications', '/system/applications', request_method='GET')  # nopep8
+        configurator.add_view(self.applications, route_name='applications')
+

tracim/views/core_api/user_controller.py

+from pyramid.config import Configurator
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim.lib.utils.authorization import require_same_user_or_profile
+from tracim.models import Group
+from tracim.models.context_models import WorkspaceInContext
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from tracim import hapic, TracimRequest
+
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import InsufficientUserProfile
+from tracim.exceptions import UserDoesNotExist
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.views.controllers import Controller
+from tracim.views.core_api.schemas import UserIdPathSchema
+from tracim.views.core_api.schemas import WorkspaceDigestSchema
+
+
+class UserController(Controller):
+
+    @hapic.with_api_doc()
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(UserDoesNotExist, HTTPStatus.NOT_FOUND)
+    @require_same_user_or_profile(Group.TIM_ADMIN)
+    @hapic.input_path(UserIdPathSchema())
+    @hapic.output_body(WorkspaceDigestSchema(many=True),)
+    def user_workspace(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Get list of user workspaces
+        """
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        
+        workspaces = wapi.get_all_for_user(request.candidate_user)
+        return [
+            WorkspaceInContext(workspace, request.dbsession, app_config)
+            for workspace in workspaces
+        ]
+
+    def bind(self, configurator: Configurator) -> None:
+        """
+        Create all routes and views using pyramid configurator
+        for this controller
+        """
+
+        # Applications
+        configurator.add_route('user_workspace', '/users/{user_id}/workspaces', request_method='GET')  # nopep8
+        configurator.add_view(self.user_workspace, route_name='user_workspace')

tracim/views/core_api/workspace_controller.py

+import typing
+
+from pyramid.config import Configurator
+from sqlalchemy.orm.exc import NoResultFound
+
+from tracim.lib.core.userworkspace import RoleApi
+from tracim.lib.utils.authorization import require_workspace_role
+from tracim.models.context_models import WorkspaceInContext
+from tracim.models.context_models import UserRoleWorkspaceInContext
+from tracim.models.data import UserRoleInWorkspace
+
+try:  # Python 3.5+
+    from http import HTTPStatus
+except ImportError:
+    from http import client as HTTPStatus
+
+from tracim import hapic, TracimRequest
+from tracim.exceptions import NotAuthenticated
+from tracim.exceptions import InsufficientUserProfile
+from tracim.exceptions import WorkspaceNotFound
+from tracim.lib.core.user import UserApi
+from tracim.lib.core.workspace import WorkspaceApi
+from tracim.views.controllers import Controller
+from tracim.views.core_api.schemas import WorkspaceSchema
+from tracim.views.core_api.schemas import UserSchema
+from tracim.views.core_api.schemas import WorkspaceIdPathSchema
+from tracim.views.core_api.schemas import WorkspaceMemberSchema
+
+class WorkspaceController(Controller):
+
+    @hapic.with_api_doc()
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.output_body(WorkspaceSchema())
+    def workspace(self, context, request: TracimRequest, hapic_data=None):
+        """
+        Get workspace informations
+        """
+        wid = hapic_data.path['workspace_id']
+        app_config = request.registry.settings['CFG']
+        wapi = WorkspaceApi(
+            current_user=request.current_user,  # User
+            session=request.dbsession,
+            config=app_config,
+        )
+        return wapi.get_workspace_with_context(request.current_workspace)
+
+    @hapic.with_api_doc()
+    @hapic.handle_exception(NotAuthenticated, HTTPStatus.UNAUTHORIZED)
+    @hapic.handle_exception(InsufficientUserProfile, HTTPStatus.FORBIDDEN)
+    @hapic.handle_exception(WorkspaceNotFound, HTTPStatus.FORBIDDEN)
+    @require_workspace_role(UserRoleInWorkspace.READER)
+    @hapic.input_path(WorkspaceIdPathSchema())
+    @hapic.output_body(WorkspaceMemberSchema(many=True))
+    def workspaces_members(
+            self,
+            context,
+            request: TracimRequest,
+            hapic_data=None
+    ) -> typing.List[UserRoleWorkspaceInContext]:
+        """
+        Get Members of this workspace
+        """
+        app_config = request.registry.settings['CFG']
+        rapi = RoleApi(
+            current_user=request.current_user,
+            session=request.dbsession,
+            config=app_config,
+        )
+        
+        roles = rapi.get_all_for_workspace(request.current_workspace)
+        return [
+            rapi.get_user_role_workspace_with_context(user_role)
+            for user_role in roles
+        ]
+
+    def bind(self, configurator: Configurator) -> None:
+        """
+        Create all routes and views using
+        pyramid configurator for this controller
+        """
+
+        # Applications
+        configurator.add_route('workspace', '/workspaces/{workspace_id}', request_method='GET')  # nopep8
+        configurator.add_view(self.workspace, route_name='workspace')
+        configurator.add_route('workspace_members', '/workspaces/{workspace_id}/members', request_method='GET')  # nopep8
+        configurator.add_view(self.workspaces_members, route_name='workspace_members')  # nopep8